Tuesday August 14, 2018

Washington News

IRS Urges Strong Passwords

Most Americans have financial, social media, Social Security, retirement, phone, internet, retail and other online accounts. Each account has a username and a password.

Some financial, tax, government and other accounts also offer "two-factor" authentication. With two-factor authentication, you log on to the account, then a verification code is texted to your mobile phone (it is usually valid for a short period of time). You must then enter that code in order to access your account.

In IR-2018-151, the Service published guidelines for creating strong passwords. These strong password guidelines are helpful for both tax professionals and consumers.

There are nine IRS recommended methods for creating and tracking strong passwords.

Minimum Length  Passwords should be at least eight characters. Passwords with ten to fourteen characters are even more secure.

Characters  Use a combination of at least one uppercase letter, one number and lowercase letters in your passwords. For greater security, include symbols such as !, @ or #.

Not Personal  Avoid using your name, street, city, pet's name or other personal information in your password.

Change Defaults  Many devices, such as your home internet modem, are set up with "password" as the default password. You should change "password" to a new 8-14 character and number password. There are multiple email hacking cases with users who had "password" as their password. This was poor judgment.

Reusing Passwords  Do not use the same password for multiple accounts. Each account should have a unique password.

Email Address Username  If permitted, use a unique username rather than an email address. If this is not permitted, you may reduce risk by not using your primary email address. You can create another email address through one of many complimentary email services.

Secure Storage  If you keep a written or electronic list of passwords, store the printed list or a thumb drive with the electronic file in a safe, locked cabinet or other secure location.

Disclosure  Do not share your passwords with anyone. Do share the access method to your passwords with your electronic executor and authorize him or her to access your accounts. As is the case with all executors, you should be careful in selecting a trustworthy person as your electronic executor.

Password Manager  There are several companies that provide password manager programs with 256-bit encryption. If you use this method, set up a strong password for the account and share it with your electronic executor.

Editor's Note: Many Americans now have 40-80 total online accounts. With a password manager program, you can have 40-80 strong, unique passwords. It is also much more secure to use two-factor authentication on your bank and retirement accounts. You may want to use a password manager software to transfer encrypted data from one device to another so you always have a backup of your passwords.